9628467

Wireless Device Authentication and Service Access

Published: April 18, 2017
Assignee: not available in USPTO data we have
Patent Claims
16 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method comprising: authenticating a client device for a network; receiving a service request from the client device at an authenticator network device; receiving user credentials including a user ID, a user key, and a nonce for a user who initiated the service request; generating a token using the user credentials; modifying the service request to include the token and a user ID parameter that is the user ID to generate a modified service request; decoding the token included in the modified service request; determining the user key from the user ID parameter included in the modified service request; decrypting the token using the user key to extract a body in plain text; determining the user ID and the nonce from the body in plain text; determining a reference nonce from the user ID; determining whether the reference nonce matches the nonce determined from the body in plain text extracted from the token; if it is determined that the reference nonce matches the nonce determined from the body in plain text extracted from the token, then determining that the user ID determined from the body in plain text extracted from the token is valid; if it is determined that the user ID determined from the body in plain text extracted from the token is valid, using the user ID determined from the body in plain text to provide single sign-on access to a service that is a subject of the service request.

2. The method of claim 1, wherein generating the token using the user credentials comprises: generating the body in plain text that includes the user ID and the nonce; encrypting the body in plain text using the user key to generate an encrypted body in plain text; encoding the encrypted body in plain text to generate the token.

3. The method of claim 1, wherein the user ID used to determine the reference nonce is the user ID included in the user ID parameter of the token.

4. The method of claim 1, wherein the user ID used to determine the reference nonce is the user ID determined from the body in plain text extracted from the token.

5. The method of claim 1, further comprising: generating a user credential query message that includes a client device identifier of the client device; receiving the user credentials including the user ID, the user key, and the nonce of the user who initiated the service request, in response to the user credential query message.

6. The method of claim 1, wherein providing the single sign-on access to the service that is the subject of the service request using the modified service request includes providing to the user single sign-on enrollment to the service using the modified service request.

7. The method of claim 1, wherein providing the single sign-on access to the service that is the subject of the service request using the modified service request includes providing to the user single sign-on use of the service using the modified service request.

8. The method of claim 1, further comprising: determining whether the user is authorized to use the service using the user ID determined from the body of plain text extracted from the token; if it is determined that the user is authorized to use the service, providing data to the client device allowing the user to use the service.

9. A system comprising: a hardware processor in a client device; an authenticator communication engine configured to transmit authenticator data used in authenticating the client device for a network; a credential retrieval engine configured to receive user credentials including a user ID, a user key, and a nonce for a user who initiated a service request; a token generation system configured to generate a token using the user credentials; a service request modification engine configured to: receive the service request; modify the service request to include the token and a user ID parameter that is the user ID to generate a modified service request; a token decoding engine configured to decode the token included in the modified service request; a user key determination engine configured to determine the user key from the user ID parameter included in the modified service request; a user ID determination engine configured to: decrypt the token using the user key to extract a body in plain text; determine the user ID and the nonce from the body in plain text, the user ID determined from the body in plain text; a token validity determination engine configured to: determine a reference nonce from the user ID; determine whether the reference nonce matches the nonce determined from the body in plain text; wherein if it is determined that the reference nonce matches the nonce determined from the body in plain text extracted from the token, then the user ID determination engine is further configured to determine that the user ID determined from the body in plain text extracted from the token is valid and if it is determined the user ID determined from the body in plain text extracted from the token is valid, using the user ID determined from the body in plain text to provide single sign-on access to a service that is a subject of the service request.

10. The system of claim 9, wherein in generating the token using the user credentials, the token generation system is configured to: generate the body in plain text that includes the user ID and the nonce; encrypt the body in plain text using the user key to generate an encrypted body in plain text; encode the encrypted body in plain text to generate the token.

11. The system of claim 9, wherein the user ID used to determine the reference nonce is the user ID included in the user ID parameter of the token.

12. The system of claim 9, wherein the user ID used to determine the reference nonce is the user ID determined from the body in plain text extracted from the token.

13. The system of claim 9, wherein the credential retrieval engine is further configured to: generate a user credential query message that includes a client device identifier of the client device; receive the user credentials including the user ID, the user key, and the nonce of the user who initiated the service request, in response to the user credential query message.

14. The system of claim 9, wherein the single sign-on access to the service includes single sign-on enrollment to the service.

15. The system of claim 9, where the single sign-on access to the service includes single sign-on use of the service.

16. The system of claim 9, further comprising a service management engine configured to: determine whether the user is authorized to use the service using the user ID determined from the body of plain text extracted from the token; provide data to the client device allowing the user to use the service if it is determined that the user is authorized to use the service.
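The token flow recited in claims 1 and 2 (build a plaintext body from the user ID and nonce, encrypt it with the user key, encode it; then decode, look up the key by the user ID parameter, decrypt, and compare nonces), as an added Python example that is not part of the patent or of this page. The claims name no cipher, encoding or body format, so the HMAC-SHA256 counter-mode keystream with an HMAC tag (a stand-in for an AEAD such as AES-GCM), the base64url encoding, the JSON body, the `USERS` store and every function name are assumptions; the comparison of the body's user ID with the user ID parameter is an added hardening check that the claims do not recite.

```python
import base64, hashlib, hmac, json, os

# Constructed credential store (assumption): user ID -> (user key, reference nonce).
USERS = {"alice": (b"A" * 32, "n-1001"), "bob": (b"B" * 32, "n-2002")}

def _keystream(key, iv, n):
    # HMAC-SHA256 in counter mode; stand-in for a real AEAD, which the claims do not name.
    blocks = (hmac.new(key, b"enc" + iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _mac(key, iv, ct):
    return hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()

def _xor(data, key, iv):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, iv, len(data))))

def generate_token(user_id, user_key, nonce):
    body = json.dumps({"uid": user_id, "nonce": nonce}).encode()  # body in plain text
    iv = os.urandom(16)
    ct = _xor(body, user_key, iv)                                  # encrypt with the user key
    return base64.urlsafe_b64encode(iv + ct + _mac(user_key, iv, ct)).decode()  # encode

def modify_request(request, user_id, user_key, nonce):
    # Modified service request: original fields plus token and user ID parameter.
    return {**request, "user_id": user_id, "token": generate_token(user_id, user_key, nonce)}

def validate_request(request):
    """Return the validated user ID, or None if any check fails."""
    entry = USERS.get(request.get("user_id"))       # user key from the user ID parameter
    if entry is None:
        return None
    user_key, reference_nonce = entry
    try:
        raw = base64.urlsafe_b64decode(request["token"])            # decode the token
    except (KeyError, TypeError, ValueError):
        return None
    if len(raw) < 48:
        return None
    iv, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, _mac(user_key, iv, ct)):        # reject tampered/wrong-key tokens
        return None
    body = json.loads(_xor(ct, user_key, iv))                       # body in plain text
    if body["uid"] != request["user_id"]:                           # added check, not in the claims
        return None
    if not hmac.compare_digest(body["nonce"].encode(), reference_nonce.encode()):
        return None
    return body["uid"]
```

Because the user key is selected by the user ID parameter, which arrives outside the encrypted body, the body/parameter comparison is what ties the identity granted single sign-on access to the key that actually produced the token.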

Patent Metadata

Filing Date

Unknown

Publication Date

April 18, 2017

Inventors

Peng Fan
Xu Zou
Wei Song

Citation & reuse

Cite as: Patentable. “WIRELESS DEVICE AUTHENTICATION AND SERVICE ACCESS” (9628467). https://patentable.app/patents/9628467
